[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] FW-1 and PPTP
http://www.phoneboy.com/fw1/faq/0321.html PPTP Q: How can I make FireWall-1 work with PPTP? A: You must add a rule permitting access between your PPTP clients and server. PPTP uses two services: TCP port 1723 for a control session A variation of the GRE protocol (IP Protocol 47) for data. To create this last service, create the service as a service of type Other. For the name, use PPTP-Data. In the match field, put: ip_p = 47, [22:2,b] = 0x880B (Note: ip_p = 47 identifies the IP protocol type as GRE. [22:2,b] = 0x880B identifies the payload protocol as GRE.) The rules look like this: Source Destination Service Action PPTP-Clients PPTP-Server PPTP-Control PPTP-Data Accept PPTP-Server PPTP-Clients PPTP-Control PPTP-Data Accept PPTP will work with Static NAT, but not HIDE NAT. > -----Original Message----- > From: Johnny Trujillo [mailto:[email protected]] > Sent: Tuesday, January 09, 2001 1:03 PM > To: [email protected] > Subject: [FW1] FW-1 and PPTP > > > > Has anyone there have experience of running MS VPN > PPTP through FW-1, we have the need to save and print > to a remote site in a secure way using Terminal Server > from our site servers to the user's site workstations > behind a CKP FW-1. They are using NAT and their FW > blocks their packets to come to us. without the VPN > they can ping and traceroute to us, with PPTP enable, > their FW blacks all packets to us. Any solutions, > sugestions? > > Thank you in advance > > __________________________________________________ > Do You Yahoo!? > Yahoo! Photos - Share your holiday photos online! > http://photos.yahoo.com/ > > > ============================================================== > ================== > To unsubscribe from this mailing list, please see the > instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================== > ================== > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|